Internet Security Center

What is a Firewall?

SECURITY DEFINITION

A firewall acts as defense for a local computer against viruses, worms, Trojans and brute-force hacking attacks. It can take the form of either software (a security program) or hardware (a physical router), but both perform the same function: Scanning incoming network traffic to make sure it doesn't contain blacklisted data. Firewalls scan each "packet" of data — small chunks of a larger whole, reduced in size for easy transmission — to make sure these packets don't contain anything malicious.

This scanning takes several forms. First, a firewall may screen any access requests and analyze the requesting service to make sure it has a known domain name and Internet address. Firewalls can also fully examine each packet of incoming data to look for strings of blacklisted code. Finally, firewalls may evaluate packets based on their similarity to other packets that have been recently sent and received. If the packets are within acceptable levels of similarity, they are allowed through.

Benefits

Borrowed from a similar concept in firefighting, the ultimate purpose of a firewall is to block anything that could "burn down" a user's computer. Firewalls are a necessity, whether from a software vendor or security provider.

Windows operating systems come with a built-in firewall, and it is usually advisable to leave it enabled. But in the case of a home network, a hardware-based solution such as a router is recommended. Security software companies typically bundle firewall solutions with their antivirus programs; in many cases, these firewalls are more sophisticated than those provided as part of a basic operating system. Common features of firewalls include logging and reporting of attacks — successful or not — along with alarm notifications in the event of a breach.

Drawbacks

Potential drawbacks include a slowdown in network traffic, especially if packets are being entirely analyzed by user's local computer. In addition, some firewalls accidentally block legitimate sites, but this can be corrected by making exceptions in the service's control panel and specifying which sites or ports are allowed past.